You have a Windows laptop computer with an integrated, dual-band, Wi-Fi compliant adapter. Your laptop computer has protocol analyzer software installed that is capable of capturing and decoding 802.11ac data. What statement best describes the likely ability to capture 802.11ac frames for security testing purposes?
A. Integrated 802.11ac adapters are not typically compatible with protocol analyzers in Windows laptops. It is often best to use a USB adapter or carefully select a laptop with an integrated adapter that will work.
B. Laptops cannot be used to capture 802.11ac frames because they do not support MU-MIMO.
C. Only Wireshark can be used to capture 802.11ac frames as no other protocol analyzer has implemented the proper frame decodes.
D. All integrated 802.11ac adapters will work with most protocol analyzers for frame capture, including the Radio Tap Header.
E. The only method available to capture 802.11ac frames is to perform a remote capture with a compatible access point.
What WLAN client device behavior is exploited by an attacker during a hijacking attack?
A. After the initial association and 4-way handshake, client stations and access points do not need to perform another 4-way handshake, even if connectivity is lost.
B. Client drivers scan for and connect to access points in the 2.4 GHz band before scanning the 5 GHz band.
C. When the RF signal between a client and an access point is disrupted for more than a few seconds, the client device will attempt to associate to an access point with better signal quality.
D. When the RF signal between a client and an access point is lost, the client will not seek to reassociate with another access point until the 120 second hold down timer has expired.
E. As specified by the Wi-Fi Alliance, clients using Open System authentication must allow direct client-to-client connections, even in an infrastructure BSS.
The Aircrack-ng WLAN software tool can capture and transmit modified 802.11 frames over the wireless network. It comes pre-installed on Kali Linux and some other Linux distributions. Which one of the following would not be a suitable penetration testing action taken with this tool?
A. Auditing the configuration and functionality of a WIPS by simulating common attack sequences.
B. Transmitting a deauthentication frame to disconnect a user from the AP.
C. Cracking the authentication or encryption processes implemented poorly in some WLANs.
D. Probing the RADIUS server and authenticator to expose the RADIUS shared secret.
What EAP type supports using MS-CHAPv2, EAP-GTC or EAP-TLS for wireless client authentication?
A. EAP-GTC
B. PEAP
C. EAP-TTLS
D. LEAP
E. H-REAP
What TKIP feature was introduced to counter the weak integrity check algorithm used in WEP?
A. RC5 stream cipher
B. Block cipher support
C. Sequence counters
D. 32-bit ICV (CRC-32)
E. Michael
ABC Company is an Internet Service Provider with thousands of customers. ABC's customers are given login credentials for network access when they become a customer. ABC uses an LDAP server as the central user credential database. ABC is extending their service to existing customers in some public access areas and would like to use their existing database for authentication. How can ABC Company use their existing user database for wireless user authentication as they implement a large-scale WPA2-Enterprise WLAN security solution?
A. Implement a RADIUS server and query user authentication requests through the LDAP server.
B. Mirror the LDAP server to a RADIUS database within a WLAN controller and perform daily backups to synchronize the user databases.
C. Import all users from the LDAP server into a RADIUS server with an LDAP-to-RADIUS conversion tool.
D. Implement an X.509 compliant Certificate Authority and enable SSL queries on the LDAP server.
The Marketing department's WLAN users need to reach their file and email server as well as the Internet, but should not have access to any other network resources. What single WLAN security feature should be implemented to comply with these requirements?
A. RADIUS policy accounting
B. Group authentication
C. Role-based access control
D. Captive portal
E. Mutual authentication
What field in the RSN information element (IE) will indicate whether PSK- or Enterprise-based WPA or WPA2 is in use?
A. Group Cipher Suite
B. Pairwise Cipher Suite List
C. AKM Suite List
D. RSN Capabilities
What preventative measures are performed by a WIPS against intrusions?
A. Uses SNMP to disable the switch port to which rogue APs connect.
B. Evil twin attack against a rogue AP.
C. EAPoL Reject frame flood against a rogue AP.
D. Deauthentication attack against a classified neighbor AP.
E. ASLEAP attack against a rogue AP.
After completing the installation of a new overlay WIPS for the purpose of rogue detection and security monitoring at your corporate headquarters, what baseline function MUST be performed in order to identify the security threats?
A. Separate security profiles must be defined for network operation in different regulatory domains.
B. WLAN devices that are discovered must be classified (rogue, authorized, neighbor, etc.) and a WLAN policy must define how to classify new devices.
C. Upstream and downstream throughput thresholds must be specified to ensure that service-level agreements are being met.
D. Authorized PEAP usernames must be added to the WIPS server's user database.